Hackers broke into Israeli defence ministry computers via an email attachment tainted with malicious software, according to an Israeli cyber-security company.
Aviv Raff, chief technology officer at Seculert, said the hackers temporarily took over 15 computers this month, one of them belonging to Israel’s civil administration, which monitors Palestinians in Israeli-occupied territory. The email attachment looked as if it had been sent by the country’s Shin Bet secret security service.
Raff said Palestinians were suspected of being behind the cyber-attack, citing similarities to an attack on Israeli computers more than a year ago from a server in the Hamas-ruled Gaza Strip. While the latest attack was conducted from a server in the US, experts noticed writing and composition similarities with the earlier attack, he said.
Israeli officials declined to comment on Raff’s findings. “We are not commenting on it. We don’t respond to such reports,” said Guy Inbar, a spokesman for the civil administration.
There was no immediate Palestinian comment on the report.
Seculert had not determined what the hackers did after the initial infection with Xtreme RAT software, Raff said. “All we know is at least one computer at the civil administration was in control of the attackers; what they did we don’t know.”
The civil administration, a unit of Israel’s defence ministry, oversees the passage of goods between Israel and the West Bank and Gaza Strip, territories Israel captured in the 1967 war and which Palestinians want for a state.
The administration also issues entry permits to Palestinians who work in Israel.
Raff declined to identify the other 14 computers targeted by the hackers. An Israeli source said these included companies involved in supplying Israeli defence infrastructure.
Based on Raff’s analysis, the 15 computers were in the hackers’ grip for at least several days after the dispatch on 15 January of the email, which included an attachment about Ariel Sharon, the former prime minister, who had just died.
Hacking activity has surged in the Middle East in the past three years as governments and activist groups target the military, other state agencies, critical infrastructure and businesses, as well as dissidents and criminal groups, in order to gain information about their operations and disrupt them.
Raff’s company was able to “sinkhole” the operation this month, tricking the Xtreme RAT software into communicating with servers that Seculert controlled in order to discover which computers were infected and to deactivate the attack.
Xtreme RAT is a remote access trojan that gives hackers complete control of an infected machine. They can steal information, load additional malicious software on to the network or use the compromised computer as a beachhead from which to conduct reconnaissance and attempt to gain deeper access into the network, Raff said.
News of the cyber-attack came a day before a three-day Israeli cybertech conference being held in Jerusalem, and just after prime minister Binyamin Netanyahu plugged Israeli technological advances at the World Economic Forum in Davos.
Raff denied that there was any irony in the timing of his warning so soon after Netanyahu’s remarks. “Unfortunately there is no such thing as 100% safety either when it comes to physical risks or information security,” he said.